Over the last decade, malicious attacks have become a pervasive problem for Internet users, as most networked resources include software that has vulnerabilities. For instance, over the past few years, more and more vulnerabilities have been discovered in software loaded onto network devices, such as vulnerabilities within operating systems. While some software vulnerabilities continue to be addressed through software patches, network devices will continue to be targeted for attack in efforts to acquire sensitive information or adversely affect the operations of various enterprises.
In general, efforts have been made to counter malicious attacks over web traffic. For instance, a conventional intrusion prevention system (IPS) device may be deployed within an enterprise network in efforts to protect endpoint devices against known attacks. However, conventional IPS devices are unable to protect against unrecognized attacks and are unable to remediate compromised endpoint devices.
Additionally, other types of conventional security systems may be deployed in order to detect unrecognized attacks. While capable of detecting unrecognized attacks, these conventional security devices are not designed to prevent such attacks from compromising (e.g., infecting) one or more endpoint devices. This creates a gap in security coverage between identifying the compromised endpoint devices and relying on other means to apply a remedy that halts malicious activity by the compromised endpoint devices.
It is contemplated that, within this gap in security coverage, there is a possibility of a lateral spread of malware, namely that the number of compromised endpoint devices may increase within the local network, which would cause more damage to the network and increase the amount of time needed to remediate the malware. However, even if malware is promptly remediated, until an appropriate software patch addressing the software vulnerability is available and applied, the previously compromised endpoint devices remain susceptible to another malicious attack and a reoccurrence of the infection. Hence, there is a need to close this gap in security coverage.